In particular, wireless networks, especially those specified in the IEEE 802.11 standards of 1997 and 1999, are currently widely used in “Hot-Spots”, Business or Residential contexts using the technique commonly called “Wi-Fi”. The principle is as follows: a mobile terminal, such as a portable computer, is provided with a Wi-Fi communications interface to a wireless network, this network itself being connected to a wired network, for example a local network of a company or an extended network like the Internet. This system thus makes it possible for a user of the mobile terminal to connect to the wired network while remaining mobile.
This technique provides new uses, but also gives rise to certain vulnerabilities. In fact, access to a wired network via a wireless interface can give rise to risks of malicious misuse of private data if access to the wired network (possible for any person by radiofrequency means) is not controlled.
The situation is particularly sensitive in the “company wireless networks” context, where the threat essentially arises from roaming equipment such as portable computers, which house an integrated Wi-Fi card as standard. These computers can have default configurations which automatically connect to any open Wi-Fi network. The term “open” is understood to mean that the network is directly accessible without authentication or encryption of the radio channel. Security problems therefore arise because company equipment is connected to unknown Wi-Fi networks. If the portable computer is also connected to the local network of the company via its wired interface (for example with an Ethernet network card), the portable computer is then in a situation referred to as “double attachment” (DA). This situation is critical for the security of the company's network because that network can be interconnected with an unknown network without any access control, the computer thus interconnected with these two networks offering attackers the possibility of crossing from one network to the other.
As a current solution, tools exist which make it possible to avoid double attachment between a wired network and a wireless network, but this solution requires the tool to be installed on all equipment of the portable computer type. However, there are many cases where it appears difficult to install these tools on all of the portable computers which connect to a company network, in particular when they are test computers, computers not belonging to the company or other computers. More generally, this measure requires control over all of the equipment communicating with the wireless network. Unfortunately, such control is not always available in a company, in particular when it has a large number of portable computers. Similarly, it is possible that the tool for preventing double attachment is not activated for some reason or other.
Even though it is an extremely critical problem for the security of a company, at present there is no technique for detecting a double attachment between a wired network and a wireless network which is usable and efficient on both controlled and non-controlled equipment of the company.